Posts Tagged ‘cloud security’

 

How to Recover from a Linux Security Breach – Recovery & Hardening (Part 2)

Tuesday, January 29th, 2013 by

This is Part 2 of a GoGrid security blog series on identifying and recovering from a Linux security breach. Part 1 provided general guidelines for conducting a security analysis on a compromised Linux server and forming strategic teams to address and resolve the breach.

In this article, we’ll review some recommended steps for recovering from a breach.

Recovering from the Breach

Lock the doors

Now that you’ve confirmed that there are no intruders logged in and you’ve identified the established connections, it’s time to “lock the doors.” How you lock the doors depends largely on who manages your firewall. If GoGrid manages your firewall, contact us; if you manage it yourself, perform the following actions:

  • Modify your system’s iptables configuration to restrict all remote console connections, such as SSH, to your office network.
  • Modify your system’s iptables configuration to block all previously identified suspicious connections from and to your system.
  • Modify your system’s iptables configuration to block all other services from the public Internet to your server. Doing so will effectively bring down your website or services, but you want to avoid compromising your customers or website visitors.

Install and run a rootkit analyzer


How to Recover from a Linux Security Breach – Forensics, Analysis, & Building Teams (Part 1)

Monday, January 28th, 2013 by

This 2-part GoGrid security blog series provides general guidelines for conducting a security analysis on a compromised Linux server and for recovering from a breach. Before you begin the security analysis, you need to consider two important factors:

1. The type of data your compromised server is storing or transmitting
2. How important the server’s function is to your business

The data type—Personally Identifiable Information (PII) or Protected Health Information (PHI), for example—is important because your organization could be legally required to notify external parties and local or federal government agencies in the event of a breach. The compromised server’s function is important because its criticality may drive the recovery timeline.

You may also want to consider engaging a third party that specializes in security forensics.

This series will cover 3 important items:

1) Understanding & assessing the breach
2) Setting up forensics & recovery teams
3) Recovering from the breach

Although this series won’t replace what a competent security firm can accomplish, it does provide an overview of some core processes, procedures, and activities you can perform to potentially recover from a breach. Because each incident varies based on your computer system, be sure to conduct additional analysis and consult with experts to double-check your breach identification and resolution plan.

Small companies should consider cloud-based disaster recovery programs

Thursday, November 29th, 2012 by

In the past, every new technology implemented by a company needed to have a positive return on investment or reduce costs in some way for it to have a sound impact on an organization. While saving money is still important today, it is not necessarily the main reason companies are deploying innovative solutions.

As new cyber dangers and natural disasters pressure small organizations to be prepared with robust disaster recovery and business continuity plans, decision-makers are turning to cloud computing for scalable and automated environments, according to a study by InformationWeek Reports. Since the cloud comes in a variety of forms, enabling executives to leverage on- or off-site structures to host mission-critical information, small companies can use the services to promote long-term safety.


The study revealed that the cloud is also raising awareness of the importance of business continuity and disaster recovery programs, as 67 percent of respondents said they currently have a plan in place, while another 23 percent have a strategy to launch an initiative within the next 12 to 24 months. Only 10 percent of respondents lack any plans.

The survey also found that 17 percent of decision-makers are using cloud-based services to enhance disaster recovery programs, while another 26 percent are considering doing so.

Why use the cloud for disaster recovery?

In addition to the scalability and financial benefits associated with incorporating cloud computing into a business continuity strategy, executives can also ensure their initiatives are on pace with evolving demands through frequent testing programs, InformationWeek Reports said. While legacy disaster recovery tools often enable companies to check operations every so often, the cloud provides decision-makers with the ability to ensure sensitive applications and data are recoverable at any time.

InformationWeek Reports said cloud-based business continuity programs enable small firms to have end-to-end backup orchestrated for their entire data center. This lets executives migrate massive volumes of records to the public or private cloud on demand.


Cloud security misconceptions impeding progress

Thursday, November 8th, 2012 by

Although the cloud is a major disruption to the IT landscape, it is not the first and it won’t be the last in this regard. With that being said, companies neglecting the cloud are likely falling behind rivals that have already adopted the technology, as the cloud promises to reduce IT expenses and enhance operations – both of which are critical in today’s unpredictable economy.

Even though these benefits are well known throughout the private sector, cloud computing adoption rates are not as high as they should be. Although there are several reasons for this, some have more of an impact than others.


Chris Weitz, a director at Deloitte Consulting, recently spoke with TechTarget and said that data security and privacy in the cloud are the leading inhibitors. This is largely because the cloud enables companies to extend their customer base, potentially reaching into previously untapped markets. At the same time, however, decision-makers are forced to deal with varying compliance regulations and privacy laws that can impede an organization’s progress.

“One huge problem, of course, is that data is not physically stored in any one computer in a cloud computing environment, it’s spread across thousands of them, so there’s no one physical place to check,” Weitz said. “It’s all done by software, and software by definition is not directly observable, so you need other software to observe that software.”

Keeping cloud environments protected

Just because security is a common concern in the cloud doesn’t mean decision-makers cannot take things into their own hands and protect the virtual environments. By learning about the technology and speaking with service providers, IT executives can guarantee their cloud services are safe enough to manage mission-critical information and applications.

According to a separate report by American Banker, executives need to speak with vendors and create a robust service-level agreement that guarantees multiple layers of security. In doing so, small and large businesses alike can leverage a cloud infrastructure with greater confidence and not worry about inadvertently exposing confidential information.
